The World's Most Hackable Cars

Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers.

Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers.

If you drive a 2014 Jeep Cherokee, a 2014 Infiniti Q50, or a 2015 Escalade, your car not only has state-of-the-art network-connected functions and automated features, but it's also the most likely to get hacked.

That's what renowned researchers Charlie Miller and Chris Valasek concluded in their newest study of vulnerabilities in modern automobiles, which they will present Wednesday at Black Hat USA in Las Vegas. The researchers focused on the potential for remote attacks, where a nefarious hacker could access the car's network from afar -- breaking into its wireless-enabled radio, for instance, and issuing commands to the car's steering or other automated driving feature.

The researchers studied in-depth the automated and networked functionality in modern vehicle models, analyzing how an attacker could potentially access a car's Bluetooth, telematics, or on-board phone app, for example, and using that access to then control the car's physical features, such as automated parking, steering, and braking. Some attacks would require the attacker to be within a few meters of the targeted car, but telematics-borne attacks could occur from much farther away, the researchers say.

Not surprisingly, the vehicles with fewer computerized and networked functions were less likely to get attacked by a hacker. "The most hackable cars had the most [computerized] features and were all on the same network and could all talk to each other," says Miller, who is a security engineer at Twitter. "The least hackable ones had [fewer] features, and [the features] were segmented, so the radio couldn't talk to the brakes," for example.

The 2014 Infiniti Q50 would be the easiest of all to hack because its telematics, Bluetooth, and radio functions all run on the same network as the car's engine and braking systems, for instance, making it easier for an attacker to gain control of the car's computerized physical operations.

Different vehicles had different network configurations: Some had Bluetooth on a separate network than the steering and acceleration systems.

The researchers say the 2014 Dodge Viper, the 2014 Audi A8, and the 2014 Honda Accord are the least hackable vehicles. They ranked the Audi A8 as the least hackable overall because its network-accessible potential attack surfaces are separated from the car's physical components such as steering, notes Miller. "Each feature of the car is separated on a different network and connected by a gateway," he says. "The wirelessly connected computers are on a separate network than the steering, which makes us believe that this car is harder to hack to gain control over" its features.

By contrast, the 2014 Jeep Cherokee runs the "cyber physical" features and remote access functions on the same network, Valasek notes. "We can't say for sure we can hack the Jeep and not the Audi, but… the radio can always talk to the brakes," and in the Jeep Cherokee, those two are on the same network, he says.

As cars become more networked and interface with Smartphones to offer more functionality, security will be a key differentiator. Luxury cars should lead the inovation as more secure HW and SW will be required. This means additional cost but more importantly a differentiator. If you are making business calls or buying stocks from the road, you will pay more for security. I forsee the time when we will buy security and antivirus SW for our vehicles. Let Google and Apple begin the race...